CVE-2017-0260 — Corporation Microsoft Office vulnerability

16 documents5 sources

Severity

8.8HIGHNVD

NVD7.8

EPSS

28.4%

top 3.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Microsoft Office Microsoft Excel Microsoft Office +21 more

Timeline

PublishedJun 15

Latest updateMay 13

Description

A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, and CVE-2017-8506.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages23 packages

▶NVDmicrosoft/office4 versions+3

▶NVDmicrosoft/office_web_apps2010

▶NVDmicrosoft/office_online_server2016

▶NVDmicrosoft/office_web_apps_server2013

▶CVEListV5microsoft_corporation/microsoft_officeMicrosoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 RT Service Pack 1, Microsoft Office 2013 Service Pack 1, Microsoft Office 2016, Microsoft Office Online Server 2016, Microsoft Office Web Apps 2010 Service Pack 2, Microsoft Office Web Apps Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, and Word Automation Services.

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-qwph-q65f-w8rg: A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code↗2022-05-13

▶

GHSA

GHSA-mw6x-vg34-fr9v: A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code↗2022-05-13

▶

GHSA

GHSA-4948-3w2r-3h9p: A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code↗2022-05-13

▶

GHSA

GHSA-7q45-gm3c-7wcj: A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code↗2022-05-13

▶

GHSA

GHSA-xqvh-h263-wrrc: A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code↗2022-05-13

▶

📋Vendor Advisories

Microsoft

Microsoft Office Remote Code Execution Vulnerability↗2017-06-13

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday - June 2017↗2017-06-13

▶

Qualys

Microsoft Fixes 94 Security Issues in Massive June Update | Qualys↗2017-06-13

▶

Qualys

Microsoft Fixes 94 Security Issues in Massive June Update↗2017-06-13

▶

External resources

NVD MITRE

Affected products24

Microsoft Corporation Microsoft OfficevMicrosoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 RT Service Pack 1, Microsoft Office 2013 Service Pack 1, Microsoft Office 2016, Microsoft Office Online Server 2016, Microsoft Office Web Apps 2010 Service Pack 2, Microsoft Office Web Apps Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, and Word Automation Services.

Microsoft Excelv2013

Microsoft Officev2007v2010v2013+1 more

Microsoft Office Online Serverv2016

Microsoft Office WEB Appsv2010

Microsoft Office WEB Apps Serverv2013

Microsoft Onenotev2010

Microsoft Outlookv2010v2013v2016

Microsoft Powerpoint FOR MACv2011v2016

Microsoft Sharepoint Enterprise Serverv2013v2016

Disclosure

PublishedJun 15, 2017

Latest updateMay 13, 2022